[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BeBox Security Hole?




This looks like fun...

Cheers,
Bob Hettinga


>Date: Mon, 16 Oct 1995 23:07:58 -0700
>From: [email protected] (Michael D. Crawford)
>To: [email protected], [email protected]
>Subject: Re: BeBox development questions and answers
>Message-ID: <[email protected]>
>
>Jonah Benton asked Melissa Rogers about security:
>
>>>>are there ways of excluding certain users from certain parts of the file
>>>>system?
>>>No
>>>>
>>>>i believe you support telnet- can multiple users telnet in at once?
>>>>
>>>Yes
>
>The answers to these two questions suggests the existence of the following
>serious security problem, which can cause breaches on any other machine on
>the network.  This is a time-honored way for hackers to bust into machines
>on the Internet.
>
>do{
>   telnet to an Internet host that does not have adequate security
>
>   Patch the telnet client on the Be box to save keystrokes into a file
>
>   Log out
>
>   Wait a couple weeks
>
>   Telnet back in, retrieve the file.
>
>   Now you have the host names, account names, and passwords for several other
>   machines
>}while ( Internet != destroyed );
>
>Would someone from Be care to clarify?
>
>This isn't exactly on-topic for this list, but it is a serious problem.
>It's been going on for years on other OS's.
>
>Mike
>
>Michael D. Crawford             | I use anonymous digital cash from DigiCash.
>[email protected]           | Join the e-Cash trial at:
>http://www.scruz.net/~crawford/ | http://www.digicash.com
>

-----------------
Robert Hettinga ([email protected])
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131
USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: [email protected]  http://www.netresponse.com/zldf <<<<<